Auditing IT Services and Systems

'IT Services and Systems' is a phrase that takes in a wide range of disciplines, including:

  • Systems Development and Testing
  • User Management
  • Change Management (Configuration and System)
  • Service Desk
  • Event Monitoring
  • Backup and Recovery
  • Network Management
  • Firewall Management
  • Vulnerability Management
  • etc.

In all these areas, your organisation needs to be assured that the processes are operating correctly and that the IT systems that you rely upon are maintaining their integrity and supporting the levels of confidentiality and availability expected. The majority of these processes create an evidential trail of records that should provide the assurance required and the way to confirm this assumed level of assurance is to independently audit these areas.

Challenge of Auditing IT Services and Systems

Many organisations have established internal audit functions which competently undertake the majority of their audit requirements. However, IT audits can be challenging in that, to be effective, they also require a level of technical expertise to challenge and interrogate any findings and often these skills are not possessed by internal audit teams. Although these technical skills may exist within your own IT team, these individuals do not always possess auditing skills and, even if they do, they cannot be considered to be independent and are therefore not able to audit what may be their own work. This is why many organisations look to external expertise. URM’s auditors possess not just auditing expertise and experience, but the in-depth understanding of the technical IT infrastructure (including databases, networking and operating systems) and best practice processes (change management, service desk management) to effectively undertake your IT audits.

So How Can URM Help?

We can provide you with a full service in relation to your internal audit function and reassure you that the controls implemented within IT are operating effectively and as intended and satisfy the expectations of your stakeholders. We have significant technical experience within IT and have been involved in auditing all the major areas of IT administration. These include change management, release management, capacity management and access control management. In addition, we are able to audit key systems such as Windows Active Directory, firewalls and networking, as well as most key database systems and common operating systems.